Claims

[c1] A method for generating a shared key comprising:

providing a first certificate from a first peer to a second peer, the first certificate including a plurality of first parameters;

performing a first exponentiation operation to generate a first public key from the second peer using at least one parameter of the plurality of first parameters and a first private key from the second peer;

providing a second certificate and the first public key from the second peer to the first peer, the second certificate comprising a plurality of second parameters;

performing a second exponentiation operation to generate a shared secret key for the second peer using at least one parameter from the plurality of first parameters;

performing a third exponentiation operation to generate the shared secret key for the first peer using the first public key from the second peer and a private key from the first peer.

[c2] The method according to claim 1 wherein the first certificate is a DSA type certificate.

[c3] The method according to claim 2 wherein the first and second parameters comprise a prime number $p_{dss}$, a prime number $q_{dss}$, a generator $g_{dss}$ and a public key for the first and second peers, respectively.

[c4] The method according to claim 3 wherein the first exponentiation operation to generate the first public key is $Y_R = g_{dss}^{X_R} \bmod p_{dss}$ where $X_R$ is a one-time private key from the second peer.

[c5] The method according to claim 4 wherein the second exponentiation operation to generate the shared secret key for the second peer is $Y_{SSK} = Y_{Adss}^{X_R} \bmod p_{dss}$ where $Y_{Adss}$ is a DSS public key from certificate of peer A.

[c6] The method according to claim 5 wherein $Y_{Adss} = g_{dss}^{X_{Adss}} \bmod p_{dss}$ where $X_{Adss}$ is a DSS private key from certificate of peer A.

[c7] The method according to claim 5 wherein the third exponentiation operation to generate the shared secret key for the first peer is $Y_{SSK} = Y_R^{X_{Adss}} \bmod p_{dss}$ where $X_{Adss}$ is a DSS private key from certificate of peer A.

[c8] The method according to claim 1 wherein the first and 
second certificates are sent to the second and first peers, 
respectively, over a wireless network. 
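The three exponentiations of claims 4 to 7, written out as an added example (not part of the patent text). The toy domain parameters, the function names and the subgroup check on received public values are assumptions of this example; certificate signature verification is assumed to have happened before these functions are called.

```python
import secrets

# Constructed toy DSA-style domain parameters (far too small for real use):
# Q_DSS divides P_DSS - 1 and G_DSS generates the order-q subgroup.
P_DSS, Q_DSS = 607, 101
G_DSS = pow(2, (P_DSS - 1) // Q_DSS, P_DSS)


def keygen():
    """Return (private, public) with public = g_dss^private mod p_dss."""
    x = secrets.randbelow(Q_DSS - 1) + 1  # uniform in 1..q-1
    return x, pow(G_DSS, x, P_DSS)


def check_public(y):
    """Accept only values in the order-q subgroup, excluding 1.

    Peer A raises a peer-supplied value to its long-term private key, so an
    unchecked value from outside the subgroup must never reach pow().
    """
    if not 1 < y < P_DSS or pow(y, Q_DSS, P_DSS) != 1:
        raise ValueError("public value is not in the order-q subgroup")
    return y


def second_peer(y_adss):
    """First and second exponentiations: returns (Y_R, Y_SSK)."""
    check_public(y_adss)
    x_r, y_r = keygen()                  # one-time X_R, Y_R = g^X_R mod p
    return y_r, pow(y_adss, x_r, P_DSS)  # Y_SSK = Y_Adss^X_R mod p


def first_peer(y_r, x_adss):
    """Third exponentiation: Y_SSK = Y_R^X_Adss mod p."""
    return pow(check_public(y_r), x_adss, P_DSS)


def run_exchange():
    """Both sides of the exchange; returns (peer A's key, second peer's key)."""
    x_adss, y_adss = keygen()            # peer A's DSS key pair (Y_Adss is in its certificate)
    y_r, ssk_second = second_peer(y_adss)
    return first_peer(y_r, x_adss), ssk_second


if __name__ == "__main__":
    a, b = run_exchange()
    print("keys match:", a == b)
```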



[c9] An article of manufacture comprising:

a machine accessible medium including data that, when accessed by a machine, causes the machine to perform operations comprising:

providing a first certificate from a first peer to a second peer, the first certificate including a plurality of first parameters;

performing a first exponentiation operation to generate a first public key from the second peer using the plurality of first parameters and the first private key from the second peer;

providing a second certificate and the first public key from the second peer to the first peer, the second certificate comprising a plurality of second parameters;

performing a second exponentiation operation to generate a shared secret key for the second peer using at least one parameter from the plurality of first parameters;

performing a third exponentiation operation to generate the shared secret key for the first peer using the first public key from the second peer and a private key from the first peer.

[c10] The article of manufacture according to claim 9 wherein the first certificate is a DSA type certificate.

[c11] The article of manufacture according to claim 10 wherein the first and second parameters comprise a prime number $p_{dss}$, a prime number $q_{dss}$, a generator $g_{dss}$ and a public key for the first and second peers, respectively.



[c12] The article of manufacture according to claim 11 wherein the first exponentiation operation to generate the first public key is $Y_R = g_{dss}^{X_R} \bmod p_{dss}$ where $X_R$ is a one-time private key from the second peer.

[c13] The article of manufacture according to claim 12 wherein the second exponentiation operation to generate the shared secret key for the second peer is $Y_{SSK} = Y_{Adss}^{X_R} \bmod p_{dss}$ where $Y_{Adss}$ is a DSS public key from certificate of peer A.

[c14] The article of manufacture according to claim 13 wherein $Y_{Adss} = g_{dss}^{X_{Adss}} \bmod p_{dss}$ where $X_{Adss}$ is a DSS private key from certificate of peer A.

[c15] The article of manufacture according to claim 13 wherein the third exponentiation operation to generate the shared secret key for the first peer is $Y_{SSK} = Y_R^{X_{Adss}} \bmod p_{dss}$ where $X_{Adss}$ is a DSS private key from certificate of peer A.

[c16] The article of manufacture according to claim 9 wherein the first and second certificates are sent to the second and first peers, respectively, over a wireless network.

[c17] A system comprising:

a processor; and

a memory coupled to the processor, the memory containing program code that, when executed by the processor, causes the processor to:

provide a first certificate from a first peer to a second peer, the first certificate including a plurality of first parameters;

perform a first exponentiation operation to generate a first public key from the second peer using the plurality of first parameters and the first private key from the second peer;

provide a second certificate and the first public key from the second peer to the first peer; the second certificate comprising a plurality of second parameters;

perform a second exponentiation operation to generate a shared secret key for the second peer using at least one parameter from the plurality of first parameters;

perform a third exponentiation operation to generate the shared secret key for the first peer using the first public key from the second peer and a private key from the first peer.

[c18] The system according to claim 17 wherein the first certificate is a DSA type certificate.

[c19] The system according to claim 18 wherein the first and second parameters comprise a prime number $p_{dss}$, a prime number $q_{dss}$, a generator $g_{dss}$ and a public key for the first and second peers, respectively.

[c20] The system according to claim 19 wherein the first exponentiation operation to generate the first public key is $Y_R = g_{dss}^{X_R} \bmod p_{dss}$ where $X_R$ is a one-time private key from the second peer.

[c21] The system according to claim 20 wherein the second exponentiation operation to generate the shared secret key for the second peer is $Y_{SSK} = Y_{Adss}^{X_R} \bmod p_{dss}$ where $Y_{Adss}$ is a DSS public key from certificate of peer A.

[c22] The system according to claim 21 wherein $Y_{Adss} = g_{dss}^{X_{Adss}}$ where $X_{Adss}$ is a DSS private key from certificate of peer A.

[c23] The system according to claim 21 wherein the third exponentiation operation to generate the shared secret key for the first peer is $Y_{SSK} = Y_R^{X_{Adss}} \bmod p_{dss}$ where $X_{Adss}$ is a DSS private key from certificate of peer A.

[c24] The system according to claim 17 wherein the first and 
second certificates are sent to the second and first peers, 
respectively, over a wireless network. 



[c25] A method comprising:

receiving a first certificate including a plurality of first parameters;

performing a first exponentiation operation to generate a first public key using at least one parameter of the plurality of first parameters and a first private key;

receiving a second certificate and the first public key, the second certificate including a plurality of second parameters;

performing a second exponentiation operation to generate a first shared secret key using at least one parameter from the plurality of first parameters;

performing a third exponentiation operation to generate a second shared secret key using the first public key and a private key.

[c26] The method according to claim 25 wherein the first certificate is a DSA type certificate.

[c27] The method according to claim 26 wherein the first and second parameters each comprises a prime number $p_{dss}$, a prime number $q_{dss}$, a generator $g_{dss}$ and a public key.

[c28] The method according to claim 27 wherein the first exponentiation operation to generate the first public key is $Y_R = g_{dss}^{X_R} \bmod p_{dss}$ where $X_R$ is a one-time private key.



[c29] The method according to claim 28 wherein the second exponentiation operation to generate the first shared secret key for the second peer is $Y_{SSK} = Y_{Adss}^{X_R} \bmod p_{dss}$ where $Y_{Adss}$ is a DSS public key.

[c30] The method according to claim 29 wherein $Y_{Adss} = g_{dss}^{X_{Adss}} \bmod p_{dss}$ where $X_{Adss}$ is a DSS private key.

[c31] The method according to claim 29 wherein the third exponentiation operation to generate a second shared secret key is $Y_{SSK} = Y_R^{X_{Adss}} \bmod p_{dss}$ where $X_{Adss}$ is a DSS private key.

[c32] The method according to claim 25 wherein the first and 
second certificates are sent to the second and first peers, 
respectively, over a wireless network. 



